[linux-elitists] Browser fingerprinting

katana katana at riseup.net
Mon Oct 14 00:27:41 PDT 2013


Hi,

> Check out firegloves. It's outdated, and I'd love to see it getting 
> some love, but it's a great POC for anti-fingerprinting in Firefox.

In <http://www.cosic.esat.kuleuven.be/publications/article-2334.pdf>
about their FPDetective Framework
<http://homes.esat.kuleuven.be/~gacar/fpdetective/>, the authors wrote
about Firegloves:

"Additionally, Firegloves limits the number of fonts that a single
browser tab can load and reports false dimension values for the
offsetWidth and offsetHeight properties of HTML elements to evade
JavaScript-based font detection. We evaluated the effectiveness of
Firegloves’ as a countermeasure to fingerprinting, and discovered
several shortcomings. For instance, instead of relying on offsetWidth
and offsetHeight values, we could easily use the width and the height of
the rectangle object returned by getBoundingClientRect method, which
returns the text’s dimensions, even more precisely than the original
methods. This enabled us to detect the same list of fonts as we would
without the Firegloves extension installed. Surprisingly, our probe for
fonts was not limited by the claimed cap on the number of fonts per tab.
This might be due to a bug, or to changes in the Firefox extension
system that have been introduced after FireGloves, which is not
currently being maintained, was first developed. Although Firegloves
spoofs the browser’s user-agent and platform to pretend to be a Mozilla
Firefox version 6 running on a Windows operating system, the
navigator.oscpu is left unmodified, revealing the true platform.
Moreover, Firegloves did not remove any of the new methods intro-
duced in later versions of Mozilla Firefox and available in
the navigator object, such as navigator.mozCameras and
navigator.doNotTrack."

I add: OK, the naviagtor.oscpu issue can be fixed easily, but the
timezone feature doesnt't work too with enabled JavaScript.

---
Katana



More information about the cypherpunks mailing list